1
22
23 package com.liferay.portal.service.impl;
24
25 import com.liferay.portal.NoSuchPermissionException;
26 import com.liferay.portal.PortalException;
27 import com.liferay.portal.SystemException;
28 import com.liferay.portal.kernel.util.GetterUtil;
29 import com.liferay.portal.kernel.util.Validator;
30 import com.liferay.portal.model.Group;
31 import com.liferay.portal.model.OrgGroupPermission;
32 import com.liferay.portal.model.Organization;
33 import com.liferay.portal.model.Permission;
34 import com.liferay.portal.model.Resource;
35 import com.liferay.portal.model.ResourceCode;
36 import com.liferay.portal.model.ResourceConstants;
37 import com.liferay.portal.model.Role;
38 import com.liferay.portal.model.User;
39 import com.liferay.portal.model.UserGroup;
40 import com.liferay.portal.security.permission.PermissionCacheUtil;
41 import com.liferay.portal.security.permission.PermissionCheckerBag;
42 import com.liferay.portal.security.permission.ResourceActionsUtil;
43 import com.liferay.portal.service.base.PermissionLocalServiceBaseImpl;
44 import com.liferay.portal.service.persistence.OrgGroupPermissionPK;
45 import com.liferay.portal.util.PropsValues;
46 import com.liferay.portal.util.comparator.PermissionComparator;
47
48 import java.util.ArrayList;
49 import java.util.Iterator;
50 import java.util.List;
51
52 import org.apache.commons.lang.time.StopWatch;
53 import org.apache.commons.logging.Log;
54 import org.apache.commons.logging.LogFactory;
55
56
64 public class PermissionLocalServiceImpl extends PermissionLocalServiceBaseImpl {
65
66 public Permission addPermission(
67 long companyId, String actionId, long resourceId)
68 throws SystemException {
69
70 Permission permission = permissionPersistence.fetchByA_R(
71 actionId, resourceId);
72
73 if (permission == null) {
74 long permissionId = counterLocalService.increment(
75 Permission.class.getName());
76
77 permission = permissionPersistence.create(permissionId);
78
79 permission.setCompanyId(companyId);
80 permission.setActionId(actionId);
81 permission.setResourceId(resourceId);
82
83 permissionPersistence.update(permission, false);
84 }
85
86 return permission;
87 }
88
89 public List<Permission> addPermissions(
90 long companyId, String name, long resourceId,
91 boolean portletActions)
92 throws SystemException {
93
94 List<Permission> permissions = new ArrayList<Permission>();
95
96 List<String> actions = null;
97
98 if (portletActions) {
99 actions =
100 ResourceActionsUtil.getPortletResourceActions(companyId, name);
101 }
102 else {
103 actions = ResourceActionsUtil.getModelResourceActions(name);
104 }
105
106 for (int i = 0; i < actions.size(); i++) {
107 String actionId = actions.get(i);
108
109 Permission permission = addPermission(
110 companyId, actionId, resourceId);
111
112 permissions.add(permission);
113 }
114
115 return permissions;
116 }
117
118 public void addUserPermissions(
119 long userId, String[] actionIds, long resourceId)
120 throws PortalException, SystemException {
121
122 User user = userPersistence.findByPrimaryKey(userId);
123
124 List<Permission> permissions = permissionFinder.findByU_R(
125 userId, resourceId);
126
127 permissions = getPermissions(
128 user.getCompanyId(), actionIds, resourceId);
129
130 userPersistence.addPermissions(userId, permissions);
131
132 PermissionCacheUtil.clearCache();
133 }
134
135 public List<String> getActions(List<Permission> permissions) {
136 List<String> actions = new ArrayList<String>();
137
138 Iterator<Permission> itr = permissions.iterator();
139
140 while (itr.hasNext()) {
141 Permission permission = itr.next();
142
143 actions.add(permission.getActionId());
144 }
145
146 return actions;
147 }
148
149 public List<Permission> getGroupPermissions(long groupId, long resourceId)
150 throws SystemException {
151
152 return permissionFinder.findByG_R(groupId, resourceId);
153 }
154
155 public List<Permission> getGroupPermissions(
156 long groupId, long companyId, String name, int scope,
157 String primKey)
158 throws SystemException {
159
160 return permissionFinder.findByG_C_N_S_P(
161 groupId, companyId, name, scope, primKey);
162 }
163
164 public List<Permission> getOrgGroupPermissions(
165 long organizationId, long groupId, long resourceId)
166 throws SystemException {
167
168 return permissionFinder.findByO_G_R(
169 organizationId, groupId, resourceId);
170 }
171
172 public long getLatestPermissionId() throws SystemException {
173 List<Permission> permissions = permissionPersistence.findAll(
174 0, 1, new PermissionComparator());
175
176 if (permissions.size() == 0) {
177 return 0;
178 }
179 else {
180 Permission permission = permissions.get(0);
181
182 return permission.getPermissionId();
183 }
184 }
185
186 public List<Permission> getPermissions(
187 long companyId, String[] actionIds, long resourceId)
188 throws SystemException {
189
190 List<Permission> permissions = new ArrayList<Permission>();
191
192 for (int i = 0; i < actionIds.length; i++) {
193 Permission permission = addPermission(
194 companyId, actionIds[i], resourceId);
195
196 permissions.add(permission);
197 }
198
199 return permissions;
200 }
201
202 public List<Permission> getRolePermissions(long roleId)
203 throws SystemException {
204
205 return rolePersistence.getPermissions(roleId);
206 }
207
208 public List<Permission> getRolePermissions(long roleId, long resourceId)
209 throws SystemException {
210
211 return permissionFinder.findByR_R(roleId, resourceId);
212 }
213
214 public List<Permission> getUserPermissions(long userId, long resourceId)
215 throws SystemException {
216
217 return permissionFinder.findByU_R(userId, resourceId);
218 }
219
220 public List<Permission> getUserPermissions(
221 long userId, long companyId, String name, int scope, String primKey)
222 throws SystemException {
223
224 return permissionFinder.findByU_C_N_S_P(
225 userId, companyId, name, scope, primKey);
226 }
227
228 public boolean hasGroupPermission(
229 long groupId, String actionId, long resourceId)
230 throws SystemException {
231
232 Permission permission = permissionPersistence.fetchByA_R(
233 actionId, resourceId);
234
235
238 if (permission == null) {
239 return false;
240 }
241
242 return groupPersistence.containsPermission(
243 groupId, permission.getPermissionId());
244 }
245
246 public boolean hasRolePermission(
247 long roleId, long companyId, String name, int scope,
248 String actionId)
249 throws SystemException {
250
251 ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
252 companyId, name, scope);
253
254 List<Resource> resources = resourcePersistence.findByCodeId(
255 resourceCode.getCodeId());
256
257 for (Resource resource : resources) {
258 Permission permission = permissionPersistence.fetchByA_R(
259 actionId, resource.getResourceId());
260
261 if (permission != null) {
262 if (rolePersistence.containsPermission(
263 roleId, permission.getPermissionId())) {
264
265 return true;
266 }
267 }
268 }
269
270 return false;
271 }
272
273 public boolean hasRolePermission(
274 long roleId, long companyId, String name, int scope, String primKey,
275 String actionId)
276 throws SystemException {
277
278 ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
279 companyId, name, scope);
280
281 Resource resource = resourcePersistence.fetchByC_P(
282 resourceCode.getCodeId(), primKey);
283
284 if (resource == null) {
285 return false;
286 }
287
288 Permission permission = permissionPersistence.fetchByA_R(
289 actionId, resource.getResourceId());
290
291 if (permission == null) {
292 return false;
293 }
294
295 return rolePersistence.containsPermission(
296 roleId, permission.getPermissionId());
297 }
298
299 public boolean hasUserPermission(
300 long userId, String actionId, long resourceId)
301 throws SystemException {
302
303 Permission permission = permissionPersistence.fetchByA_R(
304 actionId, resourceId);
305
306
309 if (permission == null) {
310 return false;
311 }
312
313 return userPersistence.containsPermission(
314 userId, permission.getPermissionId());
315 }
316
317 public boolean hasUserPermissions(
318 long userId, long groupId, String actionId, long[] resourceIds,
319 PermissionCheckerBag permissionCheckerBag)
320 throws SystemException {
321
322 StopWatch stopWatch = null;
323
324 if (_log.isDebugEnabled()) {
325 stopWatch = new StopWatch();
326
327 stopWatch.start();
328 }
329
330 int block = 1;
331
332
334 if ((Validator.isNull(actionId)) || (resourceIds == null) ||
335 (resourceIds.length == 0)) {
336
337 return false;
338 }
339
340 List<Permission> permissions = permissionFinder.findByA_R(
341 actionId, resourceIds);
342
343
345 if (permissions.size() == 0) {
346 return false;
347 }
348
349
351 long resourceId = resourceIds[0];
352
353 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
354
355 List<Group> groups = permissionCheckerBag.getGroups();
361 List<Role> roles = permissionCheckerBag.getRoles();
362
363 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
364
365
369
373 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
374
375 if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 1) {
376 return hasUserPermissions_1(
377 userId, actionId, resourceId, permissions, groups, groupId,
378 stopWatch, block);
379 }
380 else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 2) {
381 return hasUserPermissions_2(
382 userId, actionId, resourceId, permissions, groups, groupId,
383 stopWatch, block);
384 }
385 else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 3) {
386 return hasUserPermissions_3(
387 userId, actionId, resourceId, permissions, groups, roles,
388 stopWatch, block);
389 }
390 else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 4) {
391 return hasUserPermissions_4(
392 userId, actionId, resourceId, permissions, groups, roles,
393 stopWatch, block);
394 }
395 else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
396 return hasUserPermissions_5(
397 userId, actionId, resourceId, permissions, roles, stopWatch,
398 block);
399 }
400
401 return false;
402 }
403
404 public void setGroupPermissions(
405 long groupId, String[] actionIds, long resourceId)
406 throws PortalException, SystemException {
407
408 Group group = groupPersistence.findByPrimaryKey(groupId);
409
410 List<Permission> permissions = permissionFinder.findByG_R(
411 groupId, resourceId);
412
413 for (Permission permission : permissions) {
414 groupPersistence.removePermission(groupId, permission);
415 }
416
417 permissions = getPermissions(
418 group.getCompanyId(), actionIds, resourceId);
419
420 groupPersistence.addPermissions(groupId, permissions);
421
422 PermissionCacheUtil.clearCache();
423 }
424
425 public void setGroupPermissions(
426 String className, String classPK, long groupId,
427 String[] actionIds, long resourceId)
428 throws PortalException, SystemException {
429
430 long associatedGroupId = 0;
431
432 if (className.equals(Organization.class.getName())) {
433 long organizationId = GetterUtil.getLong(classPK);
434
435 Organization organization =
436 organizationPersistence.findByPrimaryKey(organizationId);
437
438 orgGroupPermissionFinder.removeByO_G_R(
439 organizationId, groupId, resourceId);
440
441 associatedGroupId = organization.getGroup().getGroupId();
442 }
443 else if (className.equals(UserGroup.class.getName())) {
444 long userGroupId = GetterUtil.getLong(classPK);
445
446 UserGroup userGroup = userGroupPersistence.findByPrimaryKey(
447 userGroupId);
448
449 associatedGroupId = userGroup.getGroup().getGroupId();
450 }
451
452 setGroupPermissions(associatedGroupId, actionIds, resourceId);
453 }
454
455 public void setOrgGroupPermissions(
456 long organizationId, long groupId, String[] actionIds,
457 long resourceId)
458 throws PortalException, SystemException {
459
460 Organization organization =
461 organizationPersistence.findByPrimaryKey(organizationId);
462
463 long orgGroupId = organization.getGroup().getGroupId();
464
465 List<Permission> permissions = permissionPersistence.findByResourceId(
466 resourceId);
467
468 for (Permission permission : permissions) {
469 groupPersistence.removePermission(orgGroupId, permission);
470 }
471
472 permissions = getPermissions(
473 organization.getCompanyId(), actionIds, resourceId);
474
475 orgGroupPermissionFinder.removeByO_G_R(
476 organizationId, groupId, resourceId);
477
478 for (Permission permission : permissions) {
479 OrgGroupPermissionPK pk = new OrgGroupPermissionPK(
480 organizationId, groupId, permission.getPermissionId());
481
482 OrgGroupPermission orgGroupPermission =
483 orgGroupPermissionPersistence.create(pk);
484
485 orgGroupPermissionPersistence.update(orgGroupPermission, false);
486 }
487
488 PermissionCacheUtil.clearCache();
489 }
490
491 public void setRolePermission(
492 long roleId, long companyId, String name, int scope, String primKey,
493 String actionId)
494 throws PortalException, SystemException {
495
496 if (scope == ResourceConstants.SCOPE_COMPANY) {
497
498
500 unsetRolePermissions(
501 roleId, companyId, name, ResourceConstants.SCOPE_GROUP,
502 actionId);
503 }
504 else if (scope == ResourceConstants.SCOPE_GROUP) {
505
506
508 unsetRolePermissions(
509 roleId, companyId, name, ResourceConstants.SCOPE_COMPANY,
510 actionId);
511 }
512 else if (scope == ResourceConstants.SCOPE_INDIVIDUAL) {
513 throw new NoSuchPermissionException();
514 }
515
516 Resource resource = resourceLocalService.addResource(
517 companyId, name, scope, primKey);
518
519 Permission permission = permissionPersistence.fetchByA_R(
520 actionId, resource.getResourceId());
521
522 if (permission == null) {
523 long permissionId = counterLocalService.increment(
524 Permission.class.getName());
525
526 permission = permissionPersistence.create(permissionId);
527
528 permission.setCompanyId(companyId);
529 permission.setActionId(actionId);
530 permission.setResourceId(resource.getResourceId());
531
532 permissionPersistence.update(permission, false);
533 }
534
535 rolePersistence.addPermission(roleId, permission);
536
537 PermissionCacheUtil.clearCache();
538 }
539
540 public void setRolePermissions(
541 long roleId, long companyId, String name, int scope, String primKey,
542 String[] actionIds)
543 throws PortalException, SystemException {
544
545 for (int i = 0; i < actionIds.length; i++) {
546 String actionId = actionIds[i];
547
548 setRolePermission(
549 roleId, companyId, name, scope, primKey, actionId);
550 }
551 }
552
553 public void setRolePermissions(
554 long roleId, String[] actionIds, long resourceId)
555 throws PortalException, SystemException {
556
557 Role role = rolePersistence.findByPrimaryKey(roleId);
558
559 List<Permission> permissions = permissionFinder.findByR_R(
560 roleId, resourceId);
561
562 rolePersistence.removePermissions(roleId, permissions);
563
564 permissions = getPermissions(
565 role.getCompanyId(), actionIds, resourceId);
566
567 rolePersistence.addPermissions(roleId, permissions);
568
569 PermissionCacheUtil.clearCache();
570 }
571
572 public void setUserPermissions(
573 long userId, String[] actionIds, long resourceId)
574 throws PortalException, SystemException {
575
576 User user = userPersistence.findByPrimaryKey(userId);
577
578 List<Permission> permissions = permissionFinder.findByU_R(
579 userId, resourceId);
580
581 userPersistence.removePermissions(userId, permissions);
582
583 permissions = getPermissions(
584 user.getCompanyId(), actionIds, resourceId);
585
586 userPersistence.addPermissions(userId, permissions);
587
588 PermissionCacheUtil.clearCache();
589 }
590
591 public void unsetRolePermission(long roleId, long permissionId)
592 throws SystemException {
593
594 Permission permission = permissionPersistence.fetchByPrimaryKey(
595 permissionId);
596
597 if (permission != null) {
598 rolePersistence.removePermission(roleId, permission);
599 }
600
601 PermissionCacheUtil.clearCache();
602 }
603
604 public void unsetRolePermission(
605 long roleId, long companyId, String name, int scope, String primKey,
606 String actionId)
607 throws SystemException {
608
609 ResourceCode resourceCode =
610 resourceCodeLocalService.getResourceCode(
611 companyId, name, scope);
612
613 Resource resource = resourcePersistence.fetchByC_P(
614 resourceCode.getCodeId(), primKey);
615
616 if (resource != null) {
617 Permission permission = permissionPersistence.fetchByA_R(
618 actionId, resource.getResourceId());
619
620 if (permission != null) {
621 rolePersistence.removePermission(roleId, permission);
622 }
623 }
624
625 PermissionCacheUtil.clearCache();
626 }
627
628 public void unsetRolePermissions(
629 long roleId, long companyId, String name, int scope,
630 String actionId)
631 throws SystemException {
632
633 ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
634 companyId, name, scope);
635
636 List<Resource> resources = resourcePersistence.findByCodeId(
637 resourceCode.getCodeId());
638
639 for (Resource resource : resources) {
640 Permission permission = permissionPersistence.fetchByA_R(
641 actionId, resource.getResourceId());
642
643 if (permission != null) {
644 rolePersistence.removePermission(roleId, permission);
645 }
646 }
647
648 PermissionCacheUtil.clearCache();
649 }
650
651 public void unsetUserPermissions(
652 long userId, String[] actionIds, long resourceId)
653 throws SystemException {
654
655 List<Permission> permissions = permissionFinder.findByU_A_R(
656 userId, actionIds, resourceId);
657
658 userPersistence.removePermissions(userId, permissions);
659
660 PermissionCacheUtil.clearCache();
661 }
662
663 protected boolean checkOrgGroupPermission(
664 List<Organization> organizations, List<Group> groups,
665 List<Permission> permissions)
666 throws PortalException, SystemException {
667
668 for (Permission permission : permissions) {
669 if (checkOrgGroupPermission(organizations, groups, permission)) {
670 return true;
671 }
672 }
673
674 return false;
675 }
676
677 protected boolean checkOrgGroupPermission(
678 List<Organization> organizations, List<Group> groups,
679 Permission permission)
680 throws PortalException, SystemException {
681
682
685 if ((organizations.size() == 0) || (groups.size() == 0)) {
686 return false;
687 }
688
689
692 List<OrgGroupPermission> orgGroupPermissions =
693 orgGroupPermissionPersistence.findByPermissionId(
694 permission.getPermissionId());
695
696 if (orgGroupPermissions.size() == 0) {
697 return false;
698 }
699
700 for (OrgGroupPermission orgGroupPermission : orgGroupPermissions) {
701 if (orgGroupPermission.containsOrganization(organizations) &&
702 orgGroupPermission.containsGroup(groups)) {
703
704 return true;
705 }
706 }
707
708
712 throw new NoSuchPermissionException(
713 "User has a permission in OrgGroupPermission that does not match");
714 }
715
716 protected boolean hasUserPermissions_1(
717 long userId, String actionId, long resourceId,
718 List<Permission> permissions, List<Group> groups, long groupId,
719 StopWatch stopWatch, int block)
720 throws SystemException {
721
722
725 if (groups.size() > 0) {
726 if (permissionFinder.countByGroupsRoles(permissions, groups) > 0) {
727 return true;
728 }
729 }
730
731 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
732
733
736 if (groups.size() > 0) {
737 if (permissionFinder.countByGroupsPermissions(
738 permissions, groups) > 0) {
739
740 return true;
741 }
742 }
743
744 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
745
746
748 if (permissionFinder.countByUsersRoles(permissions, userId) > 0) {
749 return true;
750 }
751
752 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
753
754
756 if (permissionFinder.countByUserGroupRole(
757 permissions, userId, groupId) > 0) {
758
759 return true;
760 }
761
762 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
763
764
766 if (permissionFinder.countByUsersPermissions(permissions, userId) > 0) {
767 return true;
768 }
769
770 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
771
772 return false;
773 }
774
775 protected boolean hasUserPermissions_2(
776 long userId, String actionId, long resourceId,
777 List<Permission> permissions, List<Group> groups, long groupId,
778 StopWatch stopWatch, int block)
779 throws SystemException {
780
781
784 if (permissionFinder.containsPermissions_2(
785 permissions, userId, groups, groupId)) {
786
787 return true;
788 }
789
790 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
791
792 return false;
793 }
794
795 protected boolean hasUserPermissions_3(
796 long userId, String actionId, long resourceId,
797 List<Permission> permissions, List<Group> groups, List<Role> roles,
798 StopWatch stopWatch, int block)
799 throws SystemException {
800
801
804 if (groups.size() > 0) {
805 if (permissionFinder.countByGroupsPermissions(
806 permissions, groups) > 0) {
807
808 return true;
809 }
810 }
811
812 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
813
814
817 if (roles.size() > 0) {
818 if (permissionFinder.countByRolesPermissions(
819 permissions, roles) > 0) {
820
821 return true;
822 }
823 }
824
825 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
826
827
829 if (permissionFinder.countByUsersPermissions(permissions, userId) > 0) {
830 return true;
831 }
832
833 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
834
835 return false;
836 }
837
838 protected boolean hasUserPermissions_4(
839 long userId, String actionId, long resourceId,
840 List<Permission> permissions, List<Group> groups, List<Role> roles,
841 StopWatch stopWatch, int block)
842 throws SystemException {
843
844
847 if (permissionFinder.containsPermissions_4(
848 permissions, userId, groups, roles)) {
849
850 return true;
851 }
852
853 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
854
855 return false;
856 }
857
858 protected boolean hasUserPermissions_5(
859 long userId, String actionId, long resourceId,
860 List<Permission> permissions, List<Role> roles, StopWatch stopWatch,
861 int block)
862 throws SystemException {
863
864 if (roles.size() > 0) {
865 if (permissionFinder.countByRolesPermissions(
866 permissions, roles) > 0) {
867
868 return true;
869 }
870 }
871
872 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
873
874 return false;
875 }
876
877 protected void logHasUserPermissions(
878 long userId, String actionId, long resourceId, StopWatch stopWatch,
879 int block) {
880
881 if (!_log.isDebugEnabled()) {
882 return;
883 }
884
885 _log.debug(
886 "Checking user permissions block " + block + " for " + userId +
887 " " + actionId + " " + resourceId + " takes " +
888 stopWatch.getTime() + " ms");
889 }
890
891 private static Log _log =
892 LogFactory.getLog(PermissionLocalServiceImpl.class);
893
894 }